[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.278660] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   31.285844] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   31.295053] F2FS-fs (loop0): invalid crc value
[   31.301576] ==================================================================
[   31.308974] BUG: KASAN: slab-out-of-bounds in build_segment_manager+0x7ca3/0x80e0
[   31.316568] Read of size 4 at addr ffff8880a925b5a4 by task syz-executor283/7974
[   31.324071]
[   31.325674] CPU: 0 PID: 7974 Comm: syz-executor283 Not tainted 4.14.289-syzkaller #0
[   31.333526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   31.342852] Call Trace:
[   31.345414]  dump_stack+0x1b2/0x281
[   31.349019]  print_address_description.cold+0x54/0x1d3
[   31.354270]  kasan_report_error.cold+0x8a/0x191
[   31.358917]  ? build_segment_manager+0x7ca3/0x80e0
[   31.363820]  __asan_report_load4_noabort+0x68/0x70
[   31.368720]  ? kasan_unpoison_task_stack_below+0x50/0x50
[   31.374145]  ? build_segment_manager+0x7ca3/0x80e0
[   31.379047]  build_segment_manager+0x7ca3/0x80e0
[   31.383783]  ? flush_sit_entries+0x2840/0x2840
[   31.388342]  ? __raw_spin_lock_init+0x28/0x100
[   31.392901]  f2fs_fill_super+0x2e21/0x56a0
[   31.397120]  ? snprintf+0xa5/0xd0
[   31.400554]  ? f2fs_commit_super+0x3a0/0x3a0
[   31.404939]  ? ns_test_super+0x50/0x50
[   31.408807]  ? set_blocksize+0x125/0x380
[   31.412857]  mount_bdev+0x2b3/0x360
[   31.416460]  ? f2fs_commit_super+0x3a0/0x3a0
[   31.420840]  mount_fs+0x92/0x2a0
[   31.424181]  vfs_kern_mount.part.0+0x5b/0x470
[   31.428650]  do_mount+0xe65/0x2a30
[   31.432177]  ? retint_kernel+0x2d/0x2d
[   31.436038]  ? copy_mount_string+0x40/0x40
[   31.440246]  ? memset+0x20/0x40
[   31.443499]  ? copy_mount_options+0x1fa/0x2f0
[   31.447967]  ? copy_mnt_ns+0xa30/0xa30
[   31.451829]  SyS_mount+0xa8/0x120
[   31.455263]  ? copy_mnt_ns+0xa30/0xa30
[   31.459126]  do_syscall_64+0x1d5/0x640
[   31.462989]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.468151] RIP: 0033:0x7f78529d43aa
[   31.471847] RSP: 002b:00007ffff50e23e8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   31.479525] RAX: ffffffffffffffda RBX: 00007ffff50e2440 RCX: 00007f78529d43aa
[   31.486773] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffff50e2400
[   31.494032] RBP: 00007ffff50e2400 R08: 00007ffff50e2440 R09: 0000000000000000
[   31.501363] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[   31.508611] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[   31.515858]
[   31.517463] Allocated by task 7974:
[   31.521064]  kasan_kmalloc+0xeb/0x160
[   31.524840]  __kmalloc_node+0x4c/0x70
[   31.528613]  kvmalloc_node+0x46/0xd0
[   31.532300]  build_segment_manager+0xeb9/0x80e0
[   31.536941]  f2fs_fill_super+0x2e21/0x56a0
[   31.541146]  mount_bdev+0x2b3/0x360
[   31.544746]  mount_fs+0x92/0x2a0
[   31.548096]  vfs_kern_mount.part.0+0x5b/0x470
[   31.552913]  do_mount+0xe65/0x2a30
[   31.556426]  SyS_mount+0xa8/0x120
[   31.559854]  do_syscall_64+0x1d5/0x640
[   31.563719]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.568877]
[   31.570475] Freed by task 0:
[   31.573461] (stack is not available)
[   31.577140]
[   31.578741] The buggy address belongs to the object at ffff8880a925b580
[   31.578741]  which belongs to the cache kmalloc-64 of size 64
[   31.591197] The buggy address is located 36 bytes inside of
[   31.591197]  64-byte region [ffff8880a925b580, ffff8880a925b5c0)
[   31.602881] The buggy address belongs to the page:
[   31.607785] page:ffffea0002a496c0 count:1 mapcount:0 mapping:ffff8880a925b000 index:0x0
[   31.615898] flags: 0xfff00000000100(slab)
[   31.620018] raw: 00fff00000000100 ffff8880a925b000 0000000000000000 0000000100000020
[   31.627873] raw: ffffea0002651920 ffffea0002acc060 ffff88813fe74340 0000000000000000
[   31.635870] page dumped because: kasan: bad access detected
[   31.641548]
[   31.643147] Memory state around the buggy address:
[   31.648049]  ffff8880a925b480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.655379]  ffff8880a925b500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.662715] >ffff8880a925b580: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
[   31.670043]                                ^
[   31.674421]  ffff8880a925b600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.681752]  ffff8880a925b680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   31.689082] ==================================================================
[   31.696412] Disabling lock debugging due to kernel taint
[   31.701961] Kernel panic - not syncing: panic_on_warn set ...
[   31.701961]
[   31.709311] CPU: 0 PID: 7974 Comm: syz-executor283 Tainted: G    B   4.14.289-syzkaller #0
[   31.718391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   31.727724] Call Trace:
[   31.730286]  dump_stack+0x1b2/0x281
[   31.733885]  panic+0x1f9/0x42d
[   31.737054]  ? add_taint.cold+0x16/0x16
[   31.741002]  ? ___preempt_schedule+0x16/0x18
[   31.745382]  kasan_end_report+0x43/0x49
[   31.749330]  kasan_report_error.cold+0xa7/0x191
[   31.754246]  ? build_segment_manager+0x7ca3/0x80e0
[   31.759147]  __asan_report_load4_noabort+0x68/0x70
[   31.764046]  ? kasan_unpoison_task_stack_below+0x50/0x50
[   31.769467]  ? build_segment_manager+0x7ca3/0x80e0
[   31.774367]  build_segment_manager+0x7ca3/0x80e0
[   31.779109]  ? flush_sit_entries+0x2840/0x2840
[   31.783666]  ? __raw_spin_lock_init+0x28/0x100
[   31.788223]  f2fs_fill_super+0x2e21/0x56a0
[   31.792433]  ? snprintf+0xa5/0xd0
[   31.795865]  ? f2fs_commit_super+0x3a0/0x3a0
[   31.800245]  ? ns_test_super+0x50/0x50
[   31.804103]  ? set_blocksize+0x125/0x380
[   31.808135]  mount_bdev+0x2b3/0x360
[   31.811743]  ? f2fs_commit_super+0x3a0/0x3a0
[   31.816122]  mount_fs+0x92/0x2a0
[   31.819463]  vfs_kern_mount.part.0+0x5b/0x470
[   31.823930]  do_mount+0xe65/0x2a30
[   31.827442]  ? retint_kernel+0x2d/0x2d
[   31.831312]  ? copy_mount_string+0x40/0x40
[   31.835519]  ? memset+0x20/0x40
[   31.838770]  ? copy_mount_options+0x1fa/0x2f0
[   31.843235]  ? copy_mnt_ns+0xa30/0xa30
[   31.847093]  SyS_mount+0xa8/0x120
[   31.850515]  ? copy_mnt_ns+0xa30/0xa30
[   31.854382]  do_syscall_64+0x1d5/0x640
[   31.858241]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   31.863411] RIP: 0033:0x7f78529d43aa
[   31.867096] RSP: 002b:00007ffff50e23e8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   31.874774] RAX: ffffffffffffffda RBX: 00007ffff50e2440 RCX: 00007f78529d43aa
[   31.882014] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffff50e2400
[   31.889254] RBP: 00007ffff50e2400 R08: 00007ffff50e2440 R09: 0000000000000000
[   31.896500] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[   31.903744] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[   31.911153] Kernel Offset: disabled
[   31.914757] Rebooting in 86400 seconds..